ATMs provide banking customers with the ability to withdraw funds, deposit funds and access bank account information. Because of their highly automated functions, ATMs are generally able to operate without the supervision of a human clerk. As a result, many ATMs are located in a variety of locations remote from banking centers. For example, ATMs may be placed on street corners, at convenience stores, supermarkets or sports arenas. This wide variety of ATM locations provides banking customers with quick access to cash and bank account information in multiple locations.
However, the lack of human supervision at the multiple ATM locations creates the risk of a thief compromising the security of one or more of the ATMs. For example, the thief may place a skimming device over an ATM card slot reader to capture information encrypted in a magnetic stripe of an inserted card. The thief may additionally use a thin keypad overlay affixed to the ATM's keypad to record buttons pressed by a customer. Alternatively, the thief may place a hidden camera on the ATM to record a video of the hand movements of the customer while inputting his PIN. Such information may subsequently be used to gain unauthorized access to the customer's cash and bank account information.
Skimmer devices, keypad overlays and hidden cameras are becoming increasingly common and difficult to detect. A skimmer or keypad overlay may look and feel like a legitimate part of the ATM and may operate in a manner transparent to a customer. A hidden camera the size of a pinhole is sufficient to record PIN information, thus enabling the camera to be easily hidden and hard to identify.
According to the European ATM Security Team (EAST), a not-for-profit payment security organization, ATM crimes in Europe increased 149 percent between 2007 and 2008. Most of the increase has been linked to ATM skimming attacks. During 2008, a total of 10,302 skimming incidents were reported in Europe. In the United States, between April and May of 2010, one bank estimated losses of over 200,000 USD due to compromised PIN numbers.
Therefore, it is desirable to provide systems and methods to reduce the capture and replication of a banking customer's user identification information. Specifically, it is desirable to provide at an ATM a customer authentication method that is difficult to be captured and replicated by an unauthorized user.